package com.kma.ncpractice2013.auth;

import com.kma.ncpractice2013.dao.UserDAO;
import com.kma.ncpractice2013.model.User;

import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;


/**
 *
 * @author Viktor
 */
public class AuthorizationServlet extends HttpServlet
{
	private String message;
    /**
     * Processes requests for both HTTP
     * <code>GET</code> and
     * <code>POST</code> methods.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */


    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException, NamingException
    {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        String uname = request.getParameter("username").toLowerCase();
        String pass = request.getParameter("password").toLowerCase();


	    int access_level = Crypto.getAccessLevel(uname, pass);

	    if(access_level >= User.AccessLevel.registeredCustomer.getValue() && access_level<=User.AccessLevel.administrator.getValue())
	    {
	        String url = request.getContextPath()+ "/main_page.jsp";
	        String str = response.encodeRedirectURL(url);
	        HttpSession sess = request.getSession();
		    UserDAO userDAO = new UserDAO();
	        User user = userDAO.getByLogin(uname);
		    sess.setAttribute("auth", "true");
			sess.setAttribute("user", user);
	        response.sendRedirect(str);
	    }
	    else
	    if (access_level == Crypto.ACCOUNT_BLOCKED)
	    {
		    String url = request.getContextPath()+"/error.jsp?text=You are banned. It is sad.";
		    String s = response.encodeRedirectURL(url);
		    response.sendRedirect(s);
	    }
	    else
	    {

	        String url = request.getContextPath()+"/deny.jsp";
	        String s = response.encodeRedirectURL(url);
	        response.sendRedirect(s);
	    }


    }



    /**
     * Handles the HTTP
     * <code>GET</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException
    {
        //processRequest(request, response);

    }

    /**
     * Handles the HTTP
     * <code>POST</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException
    {
        try
        {
            processRequest(request, response);
        }
        catch (NamingException e) {
            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
        }
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo()
    {
        return "Short description";
    }
}
